A Heidelberg, Germany, IT security firm named ERNW has found that some Android smartphones can be attacked via Bluetooth because of a new security vulnerability. The new security threat is known as CVE-2020-0022. It allows a hacker within your vicinity to access your phone if your Bluetooth is switched on and to steal your personal information or implant some terrible malware on your smartphone.
Considering that only a hacker standing close to you can execute arbitrary codes on your smartphones, it makes perfect sense to ensure that your Bluetooth is not always turned on or made visible to people around you. An open Bluetooth device can be exploited by fraud-minded individuals to carry out mischiefs. In the case of this new vulnerability, there can be code execution without user intervention, meaning that a smartphone owner does not need to do anything beyond carelessly switching on his Bluetooth device to get hacked.
The German IT firm disclosed that not all Android smartphones are vulnerable to this vulnerability at the moment, but only those running on Android 8 and 9. ERNW has not tested the vulnerability of smartphones running on older Android operating systems, but they think the threat might also be possible for those devices. It is however certain that devices running Android 10 are exempted from the exploited.
Considering that Android 8 and 9 devices are vulnerable to this threat, smartphone users are advised to install the February 2020 security update on their smartphones or use running on Android 10. It is also sound advice to constantly update your phone’s operating system once the manufacturer releases a new security update.
“On Android 8.0 to 9.0, a remote attacker within proximity can silently execute arbitrary code with the privileges of the Bluetooth daemon as long as Bluetooth is enabled,” ERNW had revealed. “No user interaction is required and only the Bluetooth MAC address of the target devices has to be known. For some devices, the Bluetooth MAC address can be deduced from the WiFi MAC address. This vulnerability can lead to the theft of personal data and could potentially be used to spread malware (Short-Distance Worm).”
Given that hackers only need to know your MAC address to attack your smartphone or steal valuable information, you are advised to always switch on your Bluetooth for short periods of time and only for very important reasons. And then, all things being equal, finding anyone’s Bluetooth MAC address isn’t as simple as it sounds.